1. Field
This disclosure relates generally to semiconductor devices, and more specifically, to securely patching boot read-only memory for system-on-chip (SoC) devices.
2. Related Art
A system-on-chip (SoC) under development includes many components such as a processor, memories, peripherals and buses. Some SoCs implement on-chip boot read-only memories (ROMs), whereas others do not and instead implement on-chip flash or use off-chip memories to store the instructions for bootstrapping the processor. When security is a consideration and on-chip flash is not an option, a boot ROM is preferred because once the SoC is manufactured the ROM cannot be changed. A boot ROM can also serve as trusted code for authenticating software that runs on the processor. When a processor boots up after a power-down or reset, an initialization process can include patching areas of ROM on the SoC with instructions and/or data that correct known problems or add capability. Due to security concerns, the existing on-chip ROM patch mechanism is disabled for all boot ROMs supporting secure boot. The fundamental issue is that if patching is not done with care, it can weaken the trusted nature of ROM code. If left enabled, existing patch mechanisms can compromise the secure boot process because unauthorized, untested changes could be introduced.
Fixing problems without using patches in the on-chip ROM requires revised circuit masks, and with shrinking process technologies, revising one or more masks for ROM fixes is becoming more expensive. A C40 ROM mask, for example, is twice as expensive as a C65 silicon wafer mask. Such ROM revisions also require significant development, verification effort and customer integration, which adds significant delays to product launches and hence delays revenue. It is very desirable to have a secure on-chip ROM patch mechanism to work around issues and changing requirements once the SoC has been manufactured, without having to create new silicon wafer masks.